📄 Description (English)
Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensitive system files.
🤖 AI Executive Summary
CVE-2018-25421 is a path traversal vulnerability in Open STA Manager 2.3 that allows authenticated users to download arbitrary files from the server by manipulating directory traversal sequences. While requiring authentication, this vulnerability poses a significant risk to organizations using this software, as attackers with valid credentials can access sensitive system files and configuration data. The lack of available patches makes this a persistent threat requiring immediate compensating controls.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 30, 2026 20:18
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily affects Saudi organizations using Open STA Manager for administrative or management purposes. Government agencies (NCA, CITC), healthcare institutions, and educational organizations managing system backups are at highest risk. The ability to download arbitrary files could expose sensitive data including system configurations, database credentials, and personal information. Organizations in the financial sector using this software for administrative functions face compliance violations under SAMA CSF requirements. The authenticated nature of the attack reduces immediate risk but increases insider threat concerns.
🏢 Affected Saudi Sectors
Government
Healthcare
Education
Financial Services
Telecommunications
Energy
🎯 MITRE ATT&CK Techniques
T1005 - Data from Local System
T1020 - Automated Exfiltration
T1030 - Data Transfer Size Limits
T1041 - Exfiltration Over C2 Channel
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1552 - Unsecured Credentials
T1552.001 - Credentials In Files
T1566 - Phishing
T1190 - Exploit Public-Facing Application
⚖️ Saudi Risk Score (AI)
6.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Audit all user accounts with access to Open STA Manager and review access logs for suspicious file download activities
2. Implement strict input validation and sanitization on the file parameter in modules/backup/actions.php
3. Disable or restrict access to the getfile operation until a permanent fix is deployed
Compensating Controls:
1. Implement Web Application Firewall (WAF) rules to block requests containing ../ sequences to the backup module
2. Apply principle of least privilege - restrict file system permissions so the web server process cannot access sensitive system files
3. Implement file access logging and monitoring for the backup directory
4. Use chroot jails or containerization to limit file system access scope
5. Implement rate limiting on backup/actions.php endpoints
Detection Rules:
1. Monitor for GET requests to modules/backup/actions.php with op=getfile parameter
2. Alert on any file parameter containing ../ or encoded traversal sequences (%2e%2e%2f)
3. Log and alert on access to sensitive files (/etc/passwd, /etc/shadow, configuration files) via web server process
4. Monitor for unusual file downloads from backup module by authenticated users
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تدقيق جميع حسابات المستخدمين التي لها وصول إلى Open STA Manager ومراجعة سجلات الوصول للأنشطة المريبة لتنزيل الملفات
2. تنفيذ التحقق من صحة المدخلات والتطهير الصارم على معامل الملف في modules/backup/actions.php
3. تعطيل أو تقييد الوصول إلى عملية getfile حتى يتم نشر إصلاح دائم
الضوابط التعويضية:
1. تنفيذ قواعد جدار حماية تطبيقات الويب (WAF) لحظر الطلبات التي تحتوي على تسلسلات ../ إلى وحدة النسخ الاحتياطية
2. تطبيق مبدأ أقل امتياز - تقييد أذونات نظام الملفات بحيث لا يمكن لعملية خادم الويب الوصول إلى الملفات الحساسة
3. تنفيذ تسجيل ومراقبة الوصول إلى الملفات لدليل النسخ الاحتياطية
4. استخدام chroot jails أو الحاويات لتحديد نطاق الوصول إلى نظام الملفات
5. تنفيذ تحديد معدل على نقاط نهاية backup/actions.php
قواعد الكشف:
1. مراقبة طلبات GET إلى modules/backup/actions.php مع معامل op=getfile
2. التنبيه على أي معامل ملف يحتوي على ../ أو تسلسلات اجتياز مشفرة (%2e%2e%2f)
3. تسجيل والتنبيه على الوصول إلى الملفات الحساسة (/etc/passwd, /etc/shadow, ملفات التكوين) عبر عملية خادم الويب
4. مراقبة تنزيلات الملفات غير العادية من وحدة النسخ الاحتياطية من قبل المستخدمين المصرحين
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures
A.6.1.1 - Access control policy
A.6.2.1 - User registration and access rights management
A.8.2.1 - Classification of information
A.8.2.3 - Handling of assets
A.12.4.1 - Event logging
A.12.4.3 - Protection of log information
🔵 SAMA CSF
ID.AM-2 - Software inventory
PR.AC-1 - Access control policy
PR.AC-4 - Access rights management
PR.PT-1 - Audit and accountability
DE.CM-1 - System monitoring
DE.CM-3 - Unauthorized software detection
🟡 ISO 27001:2022
A.5.1.1 - Information security policies
A.6.1.1 - Access control policy
A.6.2.1 - User registration and access rights
A.8.2.1 - Classification of information
A.8.2.3 - Handling of assets
A.12.4.1 - Event logging
A.12.4.3 - Protection of log information
A.14.2.1 - Secure development policy
🟣 PCI DSS v4.0.1
Requirement 1.1 - Firewall configuration standards
Requirement 6.5.1 - Injection flaws
Requirement 7.1 - Limit access to system components
Requirement 10.2 - Implement automated audit trails
🔗 References & Sources 4
🔗
🔗
🔗
🔗
http://www.openstamanager.com/
disclosure@vulncheck.com
https://sourceforge.net/projects/openstamanager/files/latest/download
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/45693
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/open-sta-manager-arbitrary-file-download-via-path-...
disclosure@vulncheck.com